- Tags: #ssh #github #git #sshkeys #signing #gitcommits #gittags #gitreleases #detachedsignatures #bestpractices #security #softwareprovenance #softwaresupplychain #list #links #unsorted #unannotated
- Gist Minor Release 0.1.0 [2024-01-17] (for information on this versioning scheme, see Status & Versioning)
- Copyright ©️2024 by Christopher Allen, and is shared under CC-BY-SA-4.0 open-source license. See my Lists of High-Signal, Low Noise Links repo's README.md for more details.
SSH signing for Git commits has gained traction as a secure alternative to GPG signing. This method leverages existing SSH keys, commonly used for authentication, to sign commits and tags. The integration of SSH signing simplifies the process for developers, who often already have SSH keys, and eliminates the need for a separate set of keys or tools required by other methods such as GPG. It is also possible to sign code releases and binaries with SSH, however, this practice is current rare (GPG is used instead).
One challenge is that best practices suggest that separate SSH keys should be used for authentication and signing. This is based on recommendations by security professionals and standards such as NIST, which advocate for using a single key for only one purpose to reduce security risks. This separation is particularly crucial as the SSH signing functionality is relatively new, and initially, SSH was primarily used for authentication, not requiring key separation.
The current practice on platforms like GitHub, where authentication keys are publicly visible, but signing keys less so has led to confusion and security risks, as it encourages the use of the same key for both authentication and signing. There's a growing need for clear guidelines and tools to facilitate the generation and management of separate SSH keys for different purposes, ensuring a secure and effective transition to SSH signing.
- It's Now Possible To Sign Arbitrary Data With Your SSH Keys (2021-11-12). [blog post]. Ayer, Andrew. Retrieved 2024-01-17 from: https://www.agwa.name/blog/post/ssh_signatures.
TAGS: #SSHKeygen #DataSigning #OpenSSH #Cybersecurity #PGPAlternative #DigitalSignatures #SSH #Authentication #Cryptography #TechInnovation
SHORT ABSTRACT: "This post explores the underutilized capability of using the
ssh-keygen
command for signing and verifying arbitrary data, a feature introduced in OpenSSH 8.0. Ayer criticizes PGP for its complexity and poor user experience, highlighting SSH signatures as a simpler and more ubiquitous alternative. He discusses the ease of SSH key distribution, the security of its key management, and upcoming features like Git commit signing with SSH."KEY QUOTES:
- "SSH signatures provide a viable, user-friendly alternative to PGP for signing data, given SSH's widespread use and simpler key distribution."
- "OpenSSH 8.0's introduction of the capability to sign arbitrary data with SSH keys marks a significant step towards secure and accessible digital signature practices."
- "The integration of SSH signatures in common tools like Git, and the ease of using existing SSH keys for signing, positions SSH as a preferable method for digital authentication."
- What’s the Curve25519 clamping all about? – Neil Madden
- An Explainer On Ed25519 Clamping
- ed25519 Keys
- [curves] Ed25519 "clamping" and its effect on hierarchical key derivation
- How does the actual ed25519 derivation work (2021-01-26). [GitHub issue discussion]. jacogr. Retrieved 2024-01-17 from GitHub/Zondax/ledger-polkadot: Zondax/ledger-polkadot#61.
TAGS: #ed25519Derivation #Cryptography #KeyDerivation #OpenSourceDiscussion #GitHubIssue #LedgerIntegration #Cybersecurity #MnemonicKeyRecovery #SoftwareDevelopment #ProgrammingChallenges
SHORT ABSTRACT: "This GitHub issue delves into the technical challenges of ed25519 key derivation, specifically in the context of Ledger hardware wallet integration. The discussion involves various attempts and methods for deriving keys from mnemonics, exploring compatibility issues and technical intricacies of different cryptographic approaches."
KEY QUOTES: "These different implementations all arrange the keys and signatures slightly differently...I've tried to give python-ed25519 a good interface for use in other projects."
- RELATED :
- slips/slip-0010.md at master · satoshilabs/slips
- Address derivation details of Ledger app · Issue #43 · Zondax/ledger-polkadot
- Ledger-compatible key derivation in subkey · Issue #7824 · paritytech/substrate
- alepop/ed25519-hd-key: Key Derivation for ed25519
- schnorrkel/src/derive.rs at master · w3f/schnorrkel
- Ed25519 "clamping" and its effect on hierarchical key derivation
- [Cfrg] Interest in an "Ed25519-HD" standard?
- Ed25519 Keys (2011-11-29). [blog post]. Warner, Brian. Retrieved 2024-01-17 from Mozilla Blog: https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/.
TAGS: #Ed25519 #Cryptography #KeyFormats #PythonImplementations #DigitalSignatures #Security #TechnologyExplained #Cybersecurity #SoftwareDevelopment #CryptographicAlgorithms SHORT ABSTRACT: "An in-depth explanation of different implementations and key formats of the Ed25519 signature system, including variations in key arrangements across implementations, details their handling in the Python-ed25519 library, NaCl's approach, and SUPERCOP benchmarks. The post also elaborates on the technical process of generating and handling Ed25519 keys and signatures." KEY QUOTES: "Ed25519 keys start life as a 32-byte (256-bit) uniformly random binary seed, which is hashed using SHA512, split into a 'left half' and a 'right half', and then processed to generate private and public keys." "These different implementations all arrange the keys and signatures slightly differently...I've tried to give python-ed25519 a good interface for use in other projects."
(this is not confirmed!)
struct PrivateKey {
check_bytes: Vec<u8>, // Random bytes used to check passphrase integrity (used when the key is encrypted)
key_type: String, // The type of the private key (should match the public key type, e.g., "ssh-ed25519", "ssh-rsa")
public_key_data: Vec<u8>, // Corresponding public key data
private_key_data: Vec<u8>, // The actual private key data in bytes
}
struct PublicKey {
key_type: String, // The type of the public key (e.g., "ssh-ed25519", "ssh-rsa")
key_data: Vec<u8>, // The actual key data in bytes
}
struct OpenSshKey {
magic: String, // Magic header for identifying the file format, usually "openssh-key-v1" followed by a null byte
cipher_name: String, // Name of the cipher used for encryption (e.g., "none" for no encryption)
kdf_name: String, // Key Derivation Function name (e.g., "none" for no KDF, "bcrypt" for bcrypt KDF)
kdf_options: Vec<u8>, // Options for the Key Derivation Function, if any
num_keys: u32, // Number of key pairs in the file (typically 1)
public_keys: Vec<PublicKey>, // List of public keys
private_keys: Vec<PrivateKey>, // List of corresponding private keys
}
struct SshSignature {
key_identifier: String, // Identifier of the key used to create the signature (could be a username, key fingerprint, etc.)
signature_format: String, // Signature format (e.g., "ssh-ed25519", "ssh-rsa")
signature_data: Vec<u8>, // The raw signature data; for ed25519, this is typically a 64-byte array
}
- OpenSSH ed25519 Private Key File Format (2017-12-01). [blog post]. Lyons, Peter. Retrieved 2024-01-17 from Peter Lyons' Blog: https://peterlyons.com/problog/2017/12/openssh-ed25519-private-key-file-format/.
TAGS: #OpenSSH #ed25519KeyFormat #Cryptography #PrivateKeyAnalysis #EllipticCurveCryptography #SSHKeyGeneration #Cybersecurity #TechnologyExplained #SoftwareDevelopment #TechnicalInsights
SHORT ABSTRACT: "This detailed blog post explores the OpenSSH private key format for ed25519 keys, offering a comprehensive byte-by-byte analysis. It discusses generating and analyzing keys, both with and without a passphrase, and provides insights into elliptic curve cryptography. The post serves as a technical reference for understanding the specifics of the ed25519 private key file format in OpenSSH."
KEY QUOTES: "So here for the record is a 'complete' byte-by-byte analysis of what's inside an OpenSSH ed25519 private key (both with and without a passphrase)."; "You could dig even deeper into the keys themselves to extract the various specific numbers (usually they have 1-letter names from the math equations they belong to like e,n,p,q etc) but I didn't bother for this since for this key format all I want to know is that it's an ed25519 private key and whether or not it has a passphrase"
- RELATED :
- ssh_key - Rust "Pure Rust implementation of SSH key file format decoders/encoders as described in RFC4251 and RFC4253 as well as OpenSSH’s PROTOCOL.key format specification." > * Signature in ssh_key - Rust
- thrussh_keys - Rust "methods to deal with SSH keys, as defined in crate Thrussh. This includes in particular various functions for opening key files, deciphering encrypted keys, and dealing with agents."
-
It's 255:19AM. Do you know what your validation criteria are? (2020-10-04). [blog post]. de Valence, Henry. Retrieved 2024-01-21 from: https://hdevalence.ca/blog/2020-10-04-its-25519am.
TAGS: #Ed25519 #DigitalSignatures #ValidationCriteria #SecurityRisks #NetworkPartition #ConsensusFork #RFC8032 #DistributedSystems #ZIP215 #ImplementationBehaviors #CanonicalEncoding #BatchVerification
SHORT ABSTRACT: "Henry de Valence discusses the complexities and inconsistencies in the validation criteria of the Ed25519 digital signature scheme. The post delves into the risks of security breaches and network partitions arising from diverse implementation behaviors and the lack of standardized validation in RFC8032. It introduces ZIP215 as a solution to establish clear, consensus-critical validation criteria."
KEY POINTS:
- Ed25519 Signature Scheme's Validation Criteria: Addresses the lack of clear, standardized validation criteria in the Ed25519 digital signature scheme.
- RFC8032's Ambiguity: Points out that RFC8032, the standard for Ed25519, lacks explicit validation criteria, contributing to these inconsistencies.
- Survey of Existing Implementations: Provides an analysis of how different systems implement Ed25519 signature validation.
- Implementation Variability: Highlights how various implementations of Ed25519 have differing validation criteria, leading to potential issues.
- Canonical vs Non-Canonical Signatures: Explores the challenges related to canonical and non-canonical encoding in signature validation.
- Batch Verification and Signatures: Examines the role of batch verification in the context of Ed25519 signature validation.
- Security and Consensus Risks: Discusses the risks of network partitioning and consensus failure due to inconsistent signature validation.
- Potential for Network Partition: Emphasizes the real-world implications of inconsistent validation, such as network partition in distributed systems.
- Standardization Call to Action: Advocates for the need to standardize validation criteria across implementations to ensure security and reliability.
- ZIP215's Role: Introduces ZIP215, proposing precise validation criteria to address these issues in consensus-critical contexts.
KEY QUOTES:
- "Although the scheme was standardized in RFC8032, the RFC does not specify validation criteria, and does not require conformant implementations to agree on whether a particular signature is valid."
- "The result is an extremely wide variation in validation criteria across implemententations."
- "To fix this problem in Zcash, we chose to support both batch verification and backwards compatibility. The resulting rules are specified in ZIP215"
So far, apps typically treat the signature as a whole, without separating out the raw Ed25519 part. Needs further investigation.
- A Deep dive into Ed25519 Signatures
- Ed25519 Deep Dive Addendum
- MystenLabs/ed25519-unsafe-libs: List of unsafe ed25519 signature libs
- Miyoshi-Ryota/async-ssh2-tokio: asynchronous and easy-to-use high level ssh client library for rust "This library is an asynchronous and easy-to-use high level ssh client library for rust with the tokio runtime. Powered by the rust ssh implementation russh."
- warp-tech/russh: Rust SSH client & server library "Rust SSH client & server library. Low-level Tokio SSH2 client and server implementation. Examples: simple client, interactive PTY client, server, SFTP client, SFTP server. This is a fork of Thrussh by Pierre-Étienne Meunier."
- Pijul - Thrussh "Thrussh is the first Rust SSH library. The only non-Rust part is the crypto backend (handled by https://briansmith.org/rustdoc/ring/). This means that this library will never be subject to buffer overruns, double frees, etc. It is designed to work on any platform, and to work with asynchronous IO. This also allows it to be as fast as others, since less time is spent on checking memory allocations (compilers do that better than humans), and more time is spent on performance. Also, contrarily to others, Thrussh uses no Unix-specific features, which means it’s Windows-compatible."
- Signing Commits in Git, Explained (n.d.). [blog post]. Chacon, Scott. Retrieved 2024-01-17 from GitButler: https://blog.gitbutler.com/signing-commits-in-git-explained/.
TAGS: #Git #CommitSigning #GPG #SSH #OpenSSH #TechnicalGuide #SoftwareDevelopment #VersionControl #DigitalSecurity #Authentication
SHORT ABSTRACT: "This post explores the concept and methods of signing commits in Git, detailing the transition from using GPG keys to SSH. It addresses the technical complexities and the evolution of this practice, providing insights into both historical context and practical implementation."
KEY QUOTES:
- "However, it can be easily confusing and in 2012 (4 years after GitHub launched, as reference), Git got support for signing commits with a verifiable GPG key."
- "GitHub started supporting verifying GPG signatures in 2016, making signing commits more widespread."
- "OpenSSH 8.0 added support in
ssh-keygen
to sign and verify signatures on arbitrary data." - "Most developers using Git in any fashion already had SSH keys setup."
- "We're using the git2 Rust bindings, so for us writing a signed commit means generating a commit how you normally would but instead of running the commit() function to write to the odb, you write the commit data as a buffer using commit_create_buffer() and then convert that buffer into a string and sign it with an SSH key, which in our case means using SshSig.sign in the ssh_key crate"
- age: A simple, modern and secure encryption tool with SSH key support (n.d.). [GitHub repository]. FiloSottile. Retrieved 2024-01-17 from: https://github.com/FiloSottile/age#ssh-keys.
TAGS: #EncryptionTool #SSHKeys #Security #ModernCryptography #GoLibrary #OpenSource #TechDevelopment #SecureCommunication #Coding #SoftwareDevelopment
SHORT ABSTRACT: "age is an open-source encryption tool and Go library notable for its simplicity, modern approach, and secure design. It notably supports SSH keys, emphasizing ease of use, with minimal configuration, aligning with UNIX-style composability. This tool is geared towards developers and users prioritizing efficient and secure encryption practices in modern computing."
KEY QUOTES:
- "age is a simple, modern and secure file encryption tool, format, and Go library."
- "It uses small explicit keys, no config options, and UNIX-style composability."
- "The format specification includes a description of how to use age with SSH keys."
As a convenience feature, age also supports encrypting to ssh-rsa and ssh-ed25519 SSH public keys, and decrypting with the respective private key file. (ssh-agent is not supported.)
$ age -R ~/.ssh/id_ed25519.pub example.jpg > example.jpg.age
age -d -i ~/.ssh/id_ed25519 example.jpg.age > example.jpg
Note that SSH key support employs more complex cryptography, and embeds a public key tag in the encrypted file, making it possible to track files that are encrypted to a specific public key.Encrypting to a GitHub user
Combining SSH key support and -R, you can easily encrypt a file to the SSH keys listed on a GitHub profile.
$ curl https://github.com/benjojo.keys | age -R - example.jpg > example.jpg.age
Keep in mind that people might not protect SSH keys long-term, since they are revokable when used only for authentication, and that SSH keys held on YubiKeys can't be used to decrypt files.
RELATED:
- I want to upgrade/move my relay. How do I keep the same identity? | Tor Project | Support
- About commit signature verification - GitHub Docs
- Improving Git protocol security on GitHub - The GitHub Blog
- Create separate signing keys for Git commits · Issue #54 · dolmen/github-keygen
- It's Now Possible To Sign Arbitrary Data With Your SSH Keys
- digital signature - Is it possible to sign a file using an ssh key? - Super User
- Docs should mention
gpg.ssh.allowedSignersFile
· Issue #28577 · github/docs - docs/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md at main · github/docs
- dolmen/github-keygen: Easy creation of secure SSH configuration for your GitHub account(s)
- Enable SSH-signed commit/tag on git
- MacOS Sonoma New Dev System Notes
- git - How can I view my public and private SSH key in Github? - Stack Overflow
- Git commit signing with SSH keys — stubborn error about allowedSignersFile - Super User
- How to Separate your Cryptographic Keys - Crypto Quantique
- linux - How do I sign a file using SSH and verify it using a certificate authority? - Super User
- Retrieve a GitHub user's ssh signing keys not auth #2398911 - GitHub Support
- Script to set up commit signing using your SSH key.
- Secure Secure Shell
- Securing git with SSH and FIDO2
- Sign commits with SSH keys | GitLab
- Sign Git tags with SSH keys (#384473) · Issues · GitLab.org / GitLab · GitLab
- Sign your git commits with ssh keys instead of gpg - Dev Oops - All things Arch, Debian and Python
- signing commits with SSH keys
- Signing git commits and tags with an SSH key
- Signing Git Commits with SSH Keys - blog.dbrgn.ch
- Signing Git Commits with Your SSH Key
- SSH Commands - IT Fundamentals
- 005_Setup_computer_name.sh
- Git "Prepare Before" Snippet
- https://calebhearth.com/get_authorized_signers.rb
- macOS GitHub, SSH & GPG Setup
- MacOS Keychain for Git, GitHub, SSH, GPG
- Setup new macOS machine
- About commit signature verification - GitHub Docs
- encryption - What are ssh-keygen best practices? - Information Security Stack Exchange
- (29) Enhance Security of your SSH Keys with ed25519 Algorithm | LinkedIn
- SSH is the new GPG - Sigstore Blog